<?php
//**************************************************************************
//
//            (C) Okulov Rostislav, 2011
//
//**************************************************************************

/*
 ***************************************************************************
 *                                                                         *
 *   This source is free software; you can redistribute it and/or modify   *
 *   it under the terms of the GNU General Public License as published by  *
 *   the Free Software Foundation; either version 2 of the License, or     *
 *   (at your option) any later version.                                   *
 *                                                                         *
 *   This code is distributed in the hope that it will be useful, but      *
 *   WITHOUT ANY WARRANTY; without even the implied warranty of            *
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU     *
 *   General Public License for more details.                              *
 *                                                                         *
 *   A copy of the GNU General Public License is available on the World    *
 *   Wide Web at <http://www.gnu.org/copyleft/gpl.html>. You can also      *
 *   obtain it by writing to the Free Software Foundation,                 *
 *   Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.        *
 *                                                                         *
 */
 
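   // Bootstrap: resume the session, load configuration and helpers, open the database link.
   session_start();
   // NOTE(review): presumably defines $dbhost, $dbuser, $dbpassword and $dbname used below; confirm.
   include ('mysql_connect.php');
   include ('func_list.php');

   // Connection to MySQL server
   // NOTE(review): ext/mysql was deprecated in PHP 5.5 and removed in PHP 7.0. Moving to mysqli or
   // PDO with prepared statements has to be done together with every included file that uses $link.
   $link = mysql_connect($dbhost, $dbuser, $dbpassword);
   if (empty($link)) {
      echo 'Could not connect to MySQL'; 
      exit;
   }
   // Select our database. Stop on failure: otherwise every later query returns false and the
   // login code below runs against no data.
   if (!mysql_select_db($dbname, $link)) {
      echo 'Could not select database';
      exit;
   }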

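   // Authentication: first the "remember me" cookies (l_login / l_pass), then the login form.
   // Outcome: $state is 1 when the visitor is authenticated and 0 otherwise, $userinfo holds the
   // last users row fetched, and $_SESSION['user'], ['email'] and ['sessid'] are set on success.
   // Included files share this scope, so the variable names are kept unchanged.
   //
   // NOTE(review): weaknesses that need a data migration and are NOT fixed here:
   //   - passwords are stored as unsalted MD5; migrate to password_hash()/password_verify();
   //   - the l_pass cookie carries the stored hash itself, so the hash acts as a long-lived
   //     credential; replace it with a random, revocable, server-side token;
   //   - the form only accepts 4-11 alphanumeric characters as a password.
   $userinfo = '';
   $state = 0;
   if ( (isset($_COOKIE['l_login'])) && (isset($_COOKIE['l_pass'])) ) {
      if (!isset($_GET['exit'])) {
         $login = $_COOKIE['l_login'];
         $pass = $_COOKIE['l_pass'];
         // Cookies are client-controlled and may arrive as arrays. Only plain strings are compared:
         // strcmp() does not return an integer for non-string input on older PHP, and the former
         // loose "== 0" test accepted that result as a match.
         if (is_string($login) && is_string($pass)) {
            // mysql_real_escape_string() honours the connection character set; mysql_escape_string() does not.
            $query="SELECT id, pass FROM users WHERE login='".mysql_real_escape_string($login, $link)."'";
            $result = mysql_query($query);
            if ($result && mysql_num_rows($result) > 0) {
               $userinfo = mysql_fetch_array($result);
               // Strict string comparison; prefer hash_equals() where PHP >= 5.6 is guaranteed.
               if ($pass === $userinfo['pass']) {
                  $query = "SELECT * FROM users WHERE login='".mysql_real_escape_string($login, $link)."'";
                  $result = mysql_query($query);
                  $userinfo = mysql_fetch_array($result);
                  $time=time();
                  $_SESSION['user'] = $login;
                  $_SESSION['email'] = $userinfo['email'];
                  $_SESSION['sessid'] = session_id();
                  // Refresh both cookies; HttpOnly keeps them out of reach of page scripts.
                  // NOTE(review): also set the secure flag once the site is served over HTTPS only.
                  setcookie("l_login",$login,$time+50000,'','',false,true);
                  setcookie("l_pass",$pass,$time+50000,'','',false,true);
                  $state = 1;
               }
            }
         }
         
      } else {
         // Logout: drop the cookies and the session keys this script sets, so the session does
         // not stay populated after the cookies are gone.
         setcookie("l_login");
         setcookie("l_pass");
         unset($_SESSION['user'], $_SESSION['email'], $_SESSION['sessid']);
      }
   }
   if ($state != 1) {
      if ( (isset($_POST['l_login'])) && (isset($_POST['l_pass'])) ) {
         if (preg_match('/^[a-z0-9]{4,20}$/i',$_POST['l_login'])) {
           $login = $_POST['l_login'];     
           $query = "SELECT id, pass FROM users WHERE login='".mysql_real_escape_string($login, $link)."'";
           $result = mysql_query($query);
           if ($result && mysql_num_rows($result) > 0) {
              $userinfo = mysql_fetch_array($result);
              if (preg_match('/^[a-z0-9]{4,11}$/i',$_POST['l_pass'])) {
                 $pass = $_POST['l_pass'];
                 // "===" instead of "==": loose comparison treats two different digests that both
                 // look like numbers (for example "0e" followed by digits) as equal.
                 if (md5($pass) === $userinfo['pass']){
                    $query = "SELECT * FROM users WHERE login='".mysql_real_escape_string($login, $link)."'";
                    $result = mysql_query($query);
                    $userinfo = mysql_fetch_array($result);
                    $time = time();
                    // Issue a fresh session id on login so an id fixed before authentication is not reused.
                    session_regenerate_id(true);
                    $_SESSION['user'] = $login;
                    $_SESSION['email'] = $userinfo['email'];
                    $_SESSION['sessid'] = session_id();
                    setcookie("l_login", $login, $time+50000, '', '', false, true);
                    setcookie("l_pass", md5($pass), $time+50000, '', '', false, true);
                    $state = 1;
                 }
              }
           }
        }
  
      }

   }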

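 // Page dispatch: print the theme header, a <title>, then either inc/<page>/view.php or a
 // "not found" message, and finally the sidebar and footer.
 define('THEME','default');
 // Only a plain string can name a page; any other shape (e.g. an array) is treated as empty.
 if (empty($_GET['page'])) {
  $page = "main";
 } elseif (is_string($_GET['page'])) {
  $page = trim(strip_tags($_GET['page']));
 } else {
  $page = '';
 }
 include 'themes/'.THEME.'/top.php';
 if ($page) {
  // $page becomes part of an include path, so only an allow-list of characters is accepted.
  // The previous test used !strpos(), which reads a match at offset 0 as "not found" and never
  // rejected backslashes or NUL bytes.
  // NOTE(review): widen the pattern if a directory under inc/ legitimately uses other characters.
  if (preg_match('/\A[a-z0-9_-]+\z/i', $page)) {

// \ dirty code for quick title fix
   // Values read from the database are escaped before they are written into <title>.
   // ISO-8859-1 makes htmlspecialchars() accept any byte sequence, so only the ASCII
   // metacharacters are rewritten; the final "false" leaves existing entities untouched.
   // NOTE(review): confirm against the site's real page encoding.
   // NOTE(review): no <title> is printed when the requested row does not exist.
   if ($page == 'article' && !empty($_GET['pid'])) {
      $query = "SELECT description FROM articles WHERE id=".intval($_GET['pid']);
      $result = mysql_query($query, $link);
      if ($result && mysql_num_rows($result) != 0) {
         while ($line = mysql_fetch_array($result)) {
               echo '<title>Some title for our site - '.htmlspecialchars($line["description"], ENT_QUOTES, 'ISO-8859-1', false).'</title>';
         }
      }
   }elseif ($page == 'main' && !empty($_GET['artid'])) {
      $query = "SELECT title FROM mynews WHERE id=".intval($_GET['artid']);
      $result = mysql_query($query, $link);
      if ($result && mysql_num_rows($result) != 0) {
         // Not read in this file; kept because included views share this scope.
         $approved = 1;
         while ($line = mysql_fetch_array($result))  {
               echo '<title>inside-div.com - '.htmlspecialchars($line["title"], ENT_QUOTES, 'ISO-8859-1', false).'</title>';
         }
      }
   } else echo '<title>Some title for our site.</title>';
// \ dirty code for quick title fix

   $path = 'inc/'.$page.'/view.php';
   if (file_exists($path)) {
    include 'themes/'.THEME.'/menu.php';
    include($path);
   } else {
    echo '
 <h4>Error!</h4>
 <h4>Page not found. </h4>';
   }  
  } else {
   echo '
 <h4>Error!</h4>
 <h4>Page not found. </h4>';
  }
 }
 include 'themes/'.THEME.'/sidebar.php'; 
 include 'themes/'.THEME.'/footer.html';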
?>
